Re: ports and ipv6 brackets in certificate subjects

2006-10-06 Thread Rich Megginson
Nelson B wrote: Rich Megginson wrote: In the LDAP C SDK code, we call SSL_SetURL with the hostlist argument which is passed in to ldapssl_connect(). So I suppose the real fix for the ldap c sdk is to make sure we call SSL_SetURL with a simple hostname. Let me suggest that the "real fix"

Re: ports and ipv6 brackets in certificate subjects

2006-10-06 Thread Nelson B
Rich Megginson wrote: > In the LDAP C SDK code, we call SSL_SetURL with the hostlist argument > which is passed in to ldapssl_connect(). So I suppose the real fix for > the ldap c sdk is to make sure we call SSL_SetURL with a simple > hostname. Let me suggest that the "real fix" is for the

Re: ports and ipv6 brackets in certificate subjects

2006-10-06 Thread Nelson B
Rich Megginson wrote: > Nelson B wrote: >> Below, you seem to be asking how they are stored in certificates. >> >> I'll answer the questions about what appear in certs. >> >>> 1) Are appended ports actually allowed in the subjectAltName or CN? >> No. > > How about the return value from SSL_Reve

Re: ports and ipv6 brackets in certificate subjects

2006-10-05 Thread Rich Megginson
Rich Megginson wrote: Nelson B wrote: Ulf Weltman wrote: Hi all. I'm writing some code that prepares compact host:port addresses for certificate CN checking. This is to handle an application that keeps a host list like "foo.example.com 192.168.1.1:2389 [fe80::230:6eff:fe4b:703] [fe80::230:

Re: ports and ipv6 brackets in certificate subjects

2006-10-05 Thread Steve Parkinson
Nelson B wrote: But even though the RFCs define how IP addresses are represented in certificates, I think you'll not find any real CAs that issue certs with IP addresses in them. IP addresses in certificates are used for network infrastructure security, such as with IPSEC. For instance, when

Re: ports and ipv6 brackets in certificate subjects

2006-10-05 Thread Rich Megginson
Nelson B wrote: Ulf Weltman wrote: Hi all. I'm writing some code that prepares compact host:port addresses for certificate CN checking. This is to handle an application that keeps a host list like "foo.example.com 192.168.1.1:2389 [fe80::230:6eff:fe4b:703] [fe80::230:6eff:fe4b:703]:3389".

Re: ports and ipv6 brackets in certificate subjects

2006-10-05 Thread Nelson B
Ulf Weltman wrote: > Hi all. I'm writing some code that prepares compact host:port addresses > for certificate CN checking. This is to handle an application that > keeps a host list like "foo.example.com 192.168.1.1:2389 > [fe80::230:6eff:fe4b:703] [fe80::230:6eff:fe4b:703]:3389". > > After b

ports and ipv6 brackets in certificate subjects

2006-10-04 Thread Ulf Weltman
Hi all. I'm writing some code that prepares compact host:port addresses for certificate CN checking. This is to handle an application that keeps a host list like "foo.example.com 192.168.1.1:2389 [fe80::230:6eff:fe4b:703] [fe80::230:6eff:fe4b:703]:3389". After browsing through various RFCs I